Tanne

tanne is a small, secure session-management
solution for HTTP. It replaces common sessions
with a system consisting of PIN and TANs, well
known from online banking. It's main purpose is to
enable programmers of Web applications to have
real secure sessions without cookies or
session-ids.

Recent comments

reinventing the wheel
Perhaps I misunderstood the core idea of the project, but hasn't embedding-app-session-ID-into-URL been known and widely used for years ? Moreover, using a set of related temporary IDs with exactly one active severly depricates usability of the system, because the user cannot use multi-windows browsing in the scope of a single session.